NIST Abandons Cryptography Algorithm in Wake of NSA Backdoor Concerns

The National Institute of Standards and Technology (NIST) has made the decision to abandon a controversial cryptographic algorithm used for random number generation in the wake of allegations that the National Security Agency may have weakened the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) for the benefit of their surveillance activities.

Based on concerns over the algorithm, NIST had recently commenced a public comment period on the embattled algorithm so that researchers could further examine the encryption standard and its overall reliability.

“We want to assure the IT cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place. NIST would not deliberately weaken a cryptographic standard,” NIST officials stated previously. “If vulnerabilities are found in these or any other NIST standards, we will work with the cryptographic community to address them as quickly as possible.”

“The revised document retains three of the four previously available options for generating pseudorandom bits needed to create secure cryptographic keys for encrypting data,” NIST stated. “It omits an algorithm known as Dual_EC_DRBG, or Dual Elliptic Curve Deterministic Random Bit Generator. NIST recommends that current users of Dual_EC_DRBG transition to one of the three remaining approved algorithms as quickly as possible.”

“This doesn’t mean we think that AES is insecure, or SHA–2 is insecure, or even that P–384 is insecure. It doesn’t mean we think less of our friends at NIST, whom we have the utmost respect for; they are victims of the NSA’s perfidy, along with the rest of the free world. For us, the spell is broken. We’re just moving on. No kiss, no tears, no farewell souvenirs,” wrote Silent Circle co-founder John Callas of the decision.